Lucene search
GoogleOSV:GHSA-6FRX-2R5W-C524HistoryApr 22, 2022 - 12:24 a.m.
Smarty3 Arbitrary PHP Code Execution
2022-04-2200:24:15
Google
osv.dev
6
smarty3
arbitrary code execution
php
sysplugins
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
References
github.com/smarty-php/smarty
github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb
nvd.nist.gov/vuln/detail/CVE-2011-1028
seclists.org/oss-sec/2011/q1/313
security-tracker.debian.org/tracker/CVE-2011-1028
web.archive.org/web/20110609032516/smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
www.smarty.net/forums/viewtopic.php?t=18815
Related
debiancve
debiancve
CVE-2011-1028
2019-11-20 15:15:11
ubuntucve
ubuntucve
CVE-2011-1028
2019-11-20 00:00:00
cvelist
cvelist
CVE-2011-1028
2019-11-20 14:45:10
nvd
nvd
CVE-2011-1028
2019-11-20 15:15:11
prion
prion
Code injection
2019-11-20 15:15:00
github
github
Smarty3 Arbitrary PHP Code Execution
2022-04-22 00:24:15
cve
cve
CVE-2011-1028
2019-11-20 15:15:11